## Formal Verification of Analog Designs using

### BibTeX

@MISC{Denman_formalverification,

author = {William Denman and Behzad Akbarpour and Sofiène Tahar and Mohamed H. Zaki and Lawrence C. Paulson},

title = {Formal Verification of Analog Designs using},

year = {}

}

### OpenURL

### Abstract

Abstract—MetiTarski, an automatic theorem prover for inequalities on real-valued elementary functions, can be used to verify properties of analog circuits. First, a closed form solution to the model of the circuit is obtained. We present two techniques for obtaining the closed form solution. One is based on piecewise linear modeling and the inverse Laplace transform. The other is based on small-signal analysis and transfer function theory. Second, the properties of interest are turned into a set of inequalities involving analytic functions, which are proved automatically using MetiTarski. We verify properties concerning oscillation and the change in gain due to component tolerances. I.

### Citations

150 | PHAVer: Algorithmic Verification of Hybrid Systems Past HyTech
- Frehse
- 2005
(Show Context)
Citation Context ...y, we get the closed form solutions of the state variables. The property of interest is now: For a set of initial conditions, the trajectory of the oscillation reaches a final set and remains bounded =-=[21]-=-. The variables of the circuit that oscillate are VC and IL. This can be described formally as: Property 2: [VC > 0 ∧ VC < 0.9 ∧ IL > 0 ∧ IL < 0.08] MetiTarski proves both properties over the three mo... |

138 |
The TPTP Problem Library: CNF Release v1.2.1
- Sutcliffe, Suttner
- 1998
(Show Context)
Citation Context ... (TPTP) format, including the corresponding axioms, is then supplied to MetiTarski. MetiTarski uses an extension of the TPTP format, including infix notation for the arithmetic and relational symbols =-=[17]-=-, [18]. There exist advanced methods to automatically extract ODEs from a circuit description. In our previous work [8], we used the Dymola modeling framework to extract simplified ODEs from a SPICE n... |

90 |
Microelectronic Circuits
- Sedra, Smith
- 1998
(Show Context)
Citation Context ...l never pass some upper or lower bound”. For example, when the upper bound is 0.03, the property can be expressed as: Property 1: [IL ≤ 0.03] The Op-Amp is a popular device because of its versatility =-=[22]-=-. It is a fundamental building block of many designs including differential amplifiers, integrators, differentiators and digital to analog converters. One characteristic that makes verification of Op-... |

69 |
Liouillian first integrals of differential equations
- Singer
- 1992
(Show Context)
Citation Context ...onlinear systems. Extensions to our work could include methods for analytically solving systems of polynomial nonlinear ordinary differential equations. One such method is the Prelle-Singer procedure =-=[24]-=-, which is implemented in computer algebra systems such as REDUCE (the PSODE package [25]) and Maple (the PSsolver package [26]). Furthermore, the automation of the mechanical steps must be addressed.... |

58 | QEPCAD b: a program for computing with semi-algebraic sets using cads
- Brown
(Show Context)
Citation Context ...ued analytical functions, including the trigonometric and exponential functions. It works by a combination of resolution inference and algebraic simplification, invoking a decision procedure (QEPCAD) =-=[2]-=- to prove polynomial inequalities. Its axiomatic basis consists primarily of upper and lower bounds for the special functions, obtained from their power series or continued fraction expansions. The co... |

50 | Reachability analysis using polygonal projections, in: Hybrid Systems: Computation and Control
- Greenstreet, Mitchell
- 1999
(Show Context)
Citation Context ...h the work on developing finite-state discrete abstractions for computing reachability relations. Unfortunately, these methods are time bounded and computationally expensive. Greenstreet and Mitchell =-=[4]-=- attempted to overcome these limitations by discretizing the state space by incorporating projection techniques on the state variables. This introduces larger overapproximations but makes the verifica... |

42 | HySAT: An efficient proof engine for bounded model checking of hybrid systems
- Fränzle, Herde
(Show Context)
Citation Context ...inations until it is successful. A failing proof typically runs forever, though in some cases MetiTarski recognizes that no proof exists and halts with an appropriate message. Competing methods [13], =-=[14]-=- typically use a combination of constraint programming and interval arithmetic. They are often powerful, but have their own limitations. They do not return proof certificates, and they require all var... |

41 |
Towards formal verification of analog designs
- Gupta, Krogh, et al.
- 2004
(Show Context)
Citation Context ...ification more tractable. This allowedcircuits with a large state space to be verified using reachability analysis. These ideas inspired later work as in the model checking tools d/dt [5], Checkmate =-=[6]-=- and PHaver [7] and were respectively used in the verification of a biquad lowpass filter, a tunnel diode oscillator and a voltage controlled oscillator. Unfortunately, these three tools still rely on... |

40 | O.M.: Verification of analog and mixed-signal circuits using hybrid system techniques
- Dang, Donze
(Show Context)
Citation Context ...t makes the verification more tractable. This allowedcircuits with a large state space to be verified using reachability analysis. These ideas inspired later work as in the model checking tools d/dt =-=[5]-=-, Checkmate [6] and PHaver [7] and were respectively used in the verification of a biquad lowpass filter, a tunnel diode oscillator and a voltage controlled oscillator. Unfortunately, these three tool... |

32 | Verifying analog oscillator circuits using forward/backward abstraction refinement
- Frehse, Krogh, et al.
(Show Context)
Citation Context ...tractable. This allowedcircuits with a large state space to be verified using reachability analysis. These ideas inspired later work as in the model checking tools d/dt [5], Checkmate [6] and PHaver =-=[7]-=- and were respectively used in the verification of a biquad lowpass filter, a tunnel diode oscillator and a voltage controlled oscillator. Unfortunately, these three tools still rely on the use of tim... |

21 |
The Circuits and Filters Handbook
- Chen
- 1995
(Show Context)
Citation Context ... of segments, the more precise the model will be, but with an increased computing cost. Even though precision is lost with this transformation, we defend our modeling choice for the following reasons =-=[16]-=-: Fig. 3. Maple Eval Initial Conditions Mode N+1 Determining the Closed Form Solutions for Each ModeB. Obtaining the Closed Form Solution : Linearization at the DC Operating Point In the first method... |

16 |
Formal Verification of Analog and Mixed Signal Designs: A Survey
- Zaki, Tahar, et al.
(Show Context)
Citation Context ...aper can be entirely automated and therefore could be applied to more than just basic academic problems. For information about the state of analog and mixedsignal verification, see the survey article =-=[12]-=-. MetiTarski further depends upon being supplied with axioms approximating the functions of interest with upper or lower bounds. These approximations could be polynomials, ratios of polynomials or exp... |

16 |
Computing Closed Form Solutions of First Order ODEs Using the Prelle–Singer Procedure
- Man
- 1983
(Show Context)
Citation Context ...ystems of polynomial nonlinear ordinary differential equations. One such method is the Prelle-Singer procedure [24], which is implemented in computer algebra systems such as REDUCE (the PSODE package =-=[25]-=-) and Maple (the PSsolver package [26]). Furthermore, the automation of the mechanical steps must be addressed. This will include an investigation on methods to automatically calculate the piecewise l... |

14 |
A formal approach to verification of linear analog circuits with parameter tolerances
- Hedrich, Barke
- 1998
(Show Context)
Citation Context ...n Tables I and II. B. Operational Amplifier In this final example, a frequency domain property of a CMOS Operational Amplifier will be analyzed and verified. I BIAS In - Fig. 9. Operational Amplifier =-=[23]-=- To begin verification, the circuit is first linearized at its operating point and then using nodal analysis (Kirchhoff’s current and voltage laws), the following transfer function is extracted H(s) =... |

13 |
Formal Verification for Nonlinear Analog Systems: Approaches to Model and Equivalence Checking, Advanced Formal Verification
- Hartong, Klausen, et al.
- 2004
(Show Context)
Citation Context ...ole in many communication systems, in particularly for generating a periodic signal needed for the frequency translation between carriers. The tunnel diode oscillator has been previously used in [6], =-=[20]-=-, as a benchmark for analog formal verification techniques and thus serves as an appropriate example for demonstrating our methodology. Amplifiers are the most basic component in analog circuits, whic... |

11 | Formal verification of synthesized analog designs
- Ghosh, Vemuri
- 1999
(Show Context)
Citation Context ...rn is the automated verification of analog circuits using deductive methods. In an early attempt at using theorem proving for the formal verification of synthesized analog circuits, Ghosh and Vermuri =-=[10]-=- proved the equivalence of analog designs that contain linear components and components with behaviour that can be represented by piecewise-linear (PWL) models. The PVS higher-order logic theorem prov... |

9 | and L.C.Paulson. MetiTarski: An Automatic Prover for the Elementary Functions
- Akbarpour
(Show Context)
Citation Context ...roperties can be checked and counter-examples automatically generated. In particular, theorem proving can deliver the highest level of assurance for verification: an explicit formal proof. MetiTarski =-=[1]-=- is an automatic theorem prover for realvalued analytical functions, including the trigonometric and exponential functions. It works by a combination of resolution inference and algebraic simplificati... |

6 |
Reasoning about analog-level implementations of digital systems
- Hanna
- 2000
(Show Context)
Citation Context .... The PVS higher-order logic theorem prover is then used to prove the implication between implementations and behavioural specifications built in VHDL-AMS. In similar work with theorem provers, Hanna =-=[11]-=- uses formal logic to define the behaviour of predicates over voltage and current waveforms. The basic behaviour of components such as resistors, power supplies and transistors are defined and then us... |

5 | Applications of MetiTarski in the verification of control and hybrid systems
- Akbarpour, Paulson
- 2009
(Show Context)
Citation Context ...functions by appropriate bounds. The general resolution procedure, aided by heuristics that isolate function occurrences, accomplishes this transformation. Proofs are typically found in a few seconds =-=[3]-=-. MetiTarski outputs machine-readable resolution proofs, which include algebraic simplification and decision procedure calls in addition to the familiar resolution rules. These proofs, which can be ch... |

3 |
A bond graph approach for the constraint based verification of analog circuits
- Denman, Z, et al.
- 2008
(Show Context)
Citation Context ...ther track of work has been conducted on qualitative based methods for the construction and verification of abstract models, which overcomes the time bound requirement of the reachability methods. In =-=[8]-=-, the authors used HybridSAL [9] to generate an abstract model of several analog oscillators. Symbolic model checking was then used to prove safety properties on the generated abstract state space. Th... |

3 |
HybridSAL: A tool for abstracting HybridSAL specifications to SAL specifications
- Tiwari, International
- 2007
(Show Context)
Citation Context ...ucted on qualitative based methods for the construction and verification of abstract models, which overcomes the time bound requirement of the reachability methods. In [8], the authors used HybridSAL =-=[9]-=- to generate an abstract model of several analog oscillators. Symbolic model checking was then used to prove safety properties on the generated abstract state space. The difficulty in particular with ... |

1 |
HSolver : Verification of hybrid systems based on the constraint solver RSolver.” http://hsolver.sourceforge.net
- Ratschan, She
(Show Context)
Citation Context ...s combinations until it is successful. A failing proof typically runs forever, though in some cases MetiTarski recognizes that no proof exists and halts with an appropriate message. Competing methods =-=[13]-=-, [14] typically use a combination of constraint programming and interval arithmetic. They are often powerful, but have their own limitations. They do not return proof certificates, and they require a... |

1 |
Canonical piecewise-linear analysis: Generalized brake point hopping algorithm
- Chua, Deng
- 1985
(Show Context)
Citation Context ...vanced methods to automatically extract ODEs from a circuit description. In our previous work [8], we used the Dymola modeling framework to extract simplified ODEs from a SPICE netlist. Chua and Deng =-=[19]-=- provide an automated method to generate the PWL model of certain Fig. 5. Tunnel Diode Oscillator Circuit analysis is used to determine the differential equations of the circuit. They are defined as V... |

1 |
An extension of the prelle- singer method and a maple implementation
- Duarte, Duarte, et al.
- 2002
(Show Context)
Citation Context ...y differential equations. One such method is the Prelle-Singer procedure [24], which is implemented in computer algebra systems such as REDUCE (the PSODE package [25]) and Maple (the PSsolver package =-=[26]-=-). Furthermore, the automation of the mechanical steps must be addressed. This will include an investigation on methods to automatically calculate the piecewise linear functions of nonlinear circuit e... |